{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103527?format=json","vulnerability_id":"VCID-u31g-svbe-h3as","summary":"Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.","aliases":[{"alias":"CVE-2008-2712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/133756?format=json","purl":"pkg:deb/debian/vim@1:7.1.314-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@1:7.1.314-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/133748?format=json","purl":"pkg:deb/debian/vim@2:8.2.2434-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d9p-66h6-fbar"},{"vulnerability":"VCID-1ef9-jhca-vfeg"},{"vulnerability":"VCID-1gst-ev7m-c3cj"},{"vulnerability":"VCID-1kbw-zfrc-w7gz"},{"vulnerability":"VCID-1kfp-e45g-budt"},{"vulnerability":"VCID-1kxn-f5y3-wfhg"},{"vulnerability":"VCID-1u4v-q5sa-uben"},{"vulnerability":"VCID-1wb3-q7mj-67eg"},{"vulnerability":"VCID-21th-v7zz-7fgx"},{"vulnerability":"VCID-2cad-1tff-d7bd"},{"vulnerability":"VCID-33vp-n2ex-eucn"},{"vulnerability":"VCID-37wt-gr46-3bfk"},{"vulnerability":"VCID-3jah-u714-m3gd"},{"vulnerability":"VCID-3n8u-q1fu-qbee"},{"vulnerability":"VCID-3t65-uwbj-abfh"},{"vulnerability":"VCID-44hm-r2z7-9kf9"},{"vulnerability":"VCID-466q-u5xw-w3g4"},{"vulnerability":"VCID-46bp-peus-qffx"},{"vulnerability":"VCID-4bz1-8c7q-ekfu"},{"vulnerability":"VCID-4c38-b6tw-ufd9"},{"vulnerability":"VCID-4gbu-7q6y-uyff"},{"vulnerability":"VCID-4n6v-zwra-vkda"},{"vulnerability":"VCID-569k-yq7a-mfdt"},{"vulnerability":"VCID-574e-1ack-pqff"},{"vulnerability":"VCID-5hjk-jbey-y7dj"},{"vulnerability":"VCID-68d3-j6xp-u3fw"},{"vulnerability":"VCID-6tph-4fts-mkds"},{"vulnerability":"VCID-71cb-u7jy-euc4"},{"vulnerability":"VCID-776a-wkg1-p7fq"},{"vulnerability":"VCID-77bk-xfwm-qbh3"},{"vulnerability":"VCID-79p5-rq7j-h3bx"},{"vulnerability":"VCID-7nat-nrts-dyau"},{"vulnerability":"VCID-7syq-qekh-cfc1"},{"vulnerability":"VCID-8337-c76a-gbde"},{"vulnerability":"VCID-85na-u24s-pfed"},{"vulnerability":"VCID-85z2-brt2-ubfa"},{"vulnerability":"VCID-864k-gdw7-gkcg"},{"vulnerability":"VCID-89zf-5yey-9bch"},{"vulnerability":"VCID-96sr-9kny-cbg6"},{"vulnerability":"VCID-9egw-bw85-x7f2"},{"vulnerability":"VCID-9gap-s1a9-aked"},{"vulnerability":"VCID-9wky-hnyq-7qe6"},{"vulnerability":"VCID-9xdf-m4d7-4ubt"},{"vulnerability":"VCID-a1d1-mbqa-x3ee"},{"vulnerability":"VCID-a3u1-4v99-93db"},{"vulnerability":"VCID-ah1v-nzqz-nbhv"},{"vulnerability":"VCID-ahu4-fduj-pkes"},{"vulnerability":"VCID-akgg-asjw-k7fe"},{"vulnerability":"VCID-apkm-mg6q-6kh8"},{"vulnerability":"VCID-aqts-gjq5-kbfc"},{"vulnerability":"VCID-aw2b-1g8c-qbfw"},{"vulnerability":"VCID-b749-1bpr-pqem"},{"vulnerability":"VCID-bb43-ykjv-tbas"},{"vulnerability":"VCID-bfj8-ev52-mbh1"},{"vulnerability":"VCID-bh1y-7m8f-hffe"},{"vulnerability":"VCID-bhjv-t75m-4bbs"},{"vulnerability":"VCID-bqp2-8xpn-h3d6"},{"vulnerability":"VCID-c3fd-ahn6-cygt"},{"vulnerability":"VCID-cdvg-q112-dbby"},{"vulnerability":"VCID-ckkg-gcdh-jqhd"},{"vulnerability":"VCID-cpvv-frpv-vqb4"},{"vulnerability":"VCID-crz8-sgq5-2qg9"},{"vulnerability":"VCID-d7rr-gwb7-xyfq"},{"vulnerability":"VCID-dc46-7wud-37c3"},{"vulnerability":"VCID-dc6a-q91z-pkhc"},{"vulnerability":"VCID-dvr5-sc2w-wkes"},{"vulnerability":"VCID-ead3-d3jj-ckfd"},{"vulnerability":"VCID-efmg-8rp8-fbcd"},{"vulnerability":"VCID-eg5f-mgrf-hff4"},{"vulnerability":"VCID-enyd-59nf-kkf7"},{"vulnerability":"VCID-ffjv-ucya-dyaz"},{"vulnerability":"VCID-frar-y25g-fkcr"},{"vulnerability":"VCID-fxs8-evy3-pyf6"},{"vulnerability":"VCID-gecw-77at-hkhf"},{"vulnerability":"VCID-gfqd-dgep-23h9"},{"vulnerability":"VCID-gmtk-gwvs-pugw"},{"vulnerability":"VCID-gmve-apcr-xqav"},{"vulnerability":"VCID-h5zu-mw4y-83em"},{"vulnerability":"VCID-h93h-421a-xfbd"},{"vulnerability":"VCID-hhc6-edy9-gbdr"},{"vulnerability":"VCID-huux-stsb-a7bj"},{"vulnerability":"VCID-jh9u-sk2h-2kde"},{"vulnerability":"VCID-jp5n-pgfm-wuct"},{"vulnerability":"VCID-jumk-chhp-67e9"},{"vulnerability":"VCID-k8yw-7wcu-bfeg"},{"vulnerability":"VCID-kmwc-jqxg-y3eq"},{"vulnerability":"VCID-knhh-ppe3-jbgd"},{"vulnerability":"VCID-kwgm-3rhn-h3h7"},{"vulnerability":"VCID-m22n-1r95-h7b3"},{"vulnerability":"VCID-maa3-wwya-a7hq"},{"vulnerability":"VCID-mhqq-9mfb-zket"},{"vulnerability":"VCID-mjf3-t8ym-dkfb"},{"vulnerability":"VCID-mvp6-pufw-vuav"},{"vulnerability":"VCID-n4sm-pk7p-r3f5"},{"vulnerability":"VCID-n5w4-tuca-2qe8"},{"vulnerability":"VCID-nahj-kmuw-8fa2"},{"vulnerability":"VCID-ng3y-j7js-c3gq"},{"vulnerability":"VCID-nn4p-n5f8-6bcr"},{"vulnerability":"VCID-npkj-jdnc-9ydn"},{"vulnerability":"VCID-nqca-kmxw-pkeg"},{"vulnerability":"VCID-nubx-6bmu-efhv"},{"vulnerability":"VCID-phqj-cun2-hkga"},{"vulnerability":"VCID-phrf-uytw-rbeb"},{"vulnerability":"VCID-px9g-qxcm-v3gx"},{"vulnerability":"VCID-pxet-3gqq-bbe1"},{"vulnerability":"VCID-pz9z-dw63-mqbt"},{"vulnerability":"VCID-qhqe-x9wc-sqbd"},{"vulnerability":"VCID-qmeg-u6d5-7kbb"},{"vulnerability":"VCID-qn8f-njne-wkea"},{"vulnerability":"VCID-qucp-utsj-pfa9"},{"vulnerability":"VCID-r442-6vcc-43df"},{"vulnerability":"VCID-rdhu-zhd7-pyb8"},{"vulnerability":"VCID-rr79-fdfv-wue4"},{"vulnerability":"VCID-rz5t-meeq-f7a2"},{"vulnerability":"VCID-s3cy-53r2-nkb1"},{"vulnerability":"VCID-sbas-btug-4kbj"},{"vulnerability":"VCID-sbp8-y1ap-kuay"},{"vulnerability":"VCID-sm9x-r28n-puhk"},{"vulnerability":"VCID-smet-j1kp-5qe6"},{"vulnerability":"VCID-sz8c-wy83-gygv"},{"vulnerability":"VCID-t2eu-4ew7-2qfu"},{"vulnerability":"VCID-tmcb-hc51-g3au"},{"vulnerability":"VCID-tsnm-ajh1-zyfp"},{"vulnerability":"VCID-tw37-mcdh-wkhy"},{"vulnerability":"VCID-u9ax-ysjx-4ycw"},{"vulnerability":"VCID-u9xy-qcv3-sugw"},{"vulnerability":"VCID-udj7-hpz9-wkeb"},{"vulnerability":"VCID-uhut-694f-bkd7"},{"vulnerability":"VCID-unp1-s8wm-93en"},{"vulnerability":"VCID-uwhs-7yf5-1qhz"},{"vulnerability":"VCID-uy5m-x1nq-qyc7"},{"vulnerability":"VCID-v24g-61h6-z3e4"},{"vulnerability":"VCID-v346-cdmc-ybfc"},{"vulnerability":"VCID-vb4y-nz7h-6bgf"},{"vulnerability":"VCID-vdb7-jpz3-q7gj"},{"vulnerability":"VCID-vdvr-usd4-hfe1"},{"vulnerability":"VCID-vm7w-cb39-d3ca"},{"vulnerability":"VCID-vmg6-gg3c-hffw"},{"vulnerability":"VCID-vxa4-e153-uqdg"},{"vulnerability":"VCID-w5tv-6rcz-bygx"},{"vulnerability":"VCID-wnse-7k4d-p7c7"},{"vulnerability":"VCID-wuzs-tju6-u3fk"},{"vulnerability":"VCID-x3b9-uvx4-4bb8"},{"vulnerability":"VCID-x8ux-rd5j-c3hc"},{"vulnerability":"VCID-xcx1-q32f-sfcw"},{"vulnerability":"VCID-xfcc-pyvs-rkbn"},{"vulnerability":"VCID-xtv2-cfha-bbax"},{"vulnerability":"VCID-y558-k2kf-2qap"},{"vulnerability":"VCID-y7us-vm3z-2ydu"},{"vulnerability":"VCID-yb9u-zqmf-w7db"},{"vulnerability":"VCID-yfpa-q76u-1ygg"},{"vulnerability":"VCID-yfte-4666-e3bn"},{"vulnerability":"VCID-yhtg-bwc8-x7ew"},{"vulnerability":"VCID-yn5g-hqdf-k7cn"},{"vulnerability":"VCID-ynmk-1f2c-zqcf"},{"vulnerability":"VCID-yyjf-6zxf-dub7"},{"vulnerability":"VCID-zj2p-68h9-kbh2"},{"vulnerability":"VCID-zycg-dh1c-97ea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:8.2.2434-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/133746?format=json","purl":"pkg:deb/debian/vim@2:9.0.1378-2%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kxn-f5y3-wfhg"},{"vulnerability":"VCID-21th-v7zz-7fgx"},{"vulnerability":"VCID-37wt-gr46-3bfk"},{"vulnerability":"VCID-3jah-u714-m3gd"},{"vulnerability":"VCID-44hm-r2z7-9kf9"},{"vulnerability":"VCID-466q-u5xw-w3g4"},{"vulnerability":"VCID-4c38-b6tw-ufd9"},{"vulnerability":"VCID-4n6v-zwra-vkda"},{"vulnerability":"VCID-68d3-j6xp-u3fw"},{"vulnerability":"VCID-6tph-4fts-mkds"},{"vulnerability":"VCID-77bk-xfwm-qbh3"},{"vulnerability":"VCID-8337-c76a-gbde"},{"vulnerability":"VCID-85na-u24s-pfed"},{"vulnerability":"VCID-96sr-9kny-cbg6"},{"vulnerability":"VCID-aqts-gjq5-kbfc"},{"vulnerability":"VCID-bfj8-ev52-mbh1"},{"vulnerability":"VCID-bqp2-8xpn-h3d6"},{"vulnerability":"VCID-cdvg-q112-dbby"},{"vulnerability":"VCID-d7rr-gwb7-xyfq"},{"vulnerability":"VCID-gmtk-gwvs-pugw"},{"vulnerability":"VCID-gmve-apcr-xqav"},{"vulnerability":"VCID-h5zu-mw4y-83em"},{"vulnerability":"VCID-h93h-421a-xfbd"},{"vulnerability":"VCID-hhc6-edy9-gbdr"},{"vulnerability":"VCID-jumk-chhp-67e9"},{"vulnerability":"VCID-k8yw-7wcu-bfeg"},{"vulnerability":"VCID-mjf3-t8ym-dkfb"},{"vulnerability":"VCID-nahj-kmuw-8fa2"},{"vulnerability":"VCID-ng3y-j7js-c3gq"},{"vulnerability":"VCID-nubx-6bmu-efhv"},{"vulnerability":"VCID-pz9z-dw63-mqbt"},{"vulnerability":"VCID-qucp-utsj-pfa9"},{"vulnerability":"VCID-s3cy-53r2-nkb1"},{"vulnerability":"VCID-sbp8-y1ap-kuay"},{"vulnerability":"VCID-sm9x-r28n-puhk"},{"vulnerability":"VCID-sz8c-wy83-gygv"},{"vulnerability":"VCID-t2eu-4ew7-2qfu"},{"vulnerability":"VCID-u9xy-qcv3-sugw"},{"vulnerability":"VCID-udj7-hpz9-wkeb"},{"vulnerability":"VCID-v24g-61h6-z3e4"},{"vulnerability":"VCID-v346-cdmc-ybfc"},{"vulnerability":"VCID-vdvr-usd4-hfe1"},{"vulnerability":"VCID-vm7w-cb39-d3ca"},{"vulnerability":"VCID-wmgw-22c9-6kfk"},{"vulnerability":"VCID-y558-k2kf-2qap"},{"vulnerability":"VCID-yb9u-zqmf-w7db"},{"vulnerability":"VCID-yn5g-hqdf-k7cn"},{"vulnerability":"VCID-ynmk-1f2c-zqcf"},{"vulnerability":"VCID-yyjf-6zxf-dub7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.0.1378-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/133750?format=json","purl":"pkg:deb/debian/vim@2:9.1.1230-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kxn-f5y3-wfhg"},{"vulnerability":"VCID-21th-v7zz-7fgx"},{"vulnerability":"VCID-37wt-gr46-3bfk"},{"vulnerability":"VCID-3jah-u714-m3gd"},{"vulnerability":"VCID-466q-u5xw-w3g4"},{"vulnerability":"VCID-68d3-j6xp-u3fw"},{"vulnerability":"VCID-77bk-xfwm-qbh3"},{"vulnerability":"VCID-96sr-9kny-cbg6"},{"vulnerability":"VCID-aqts-gjq5-kbfc"},{"vulnerability":"VCID-fkmm-ehwq-xye9"},{"vulnerability":"VCID-gmtk-gwvs-pugw"},{"vulnerability":"VCID-gmve-apcr-xqav"},{"vulnerability":"VCID-h5zu-mw4y-83em"},{"vulnerability":"VCID-nubx-6bmu-efhv"},{"vulnerability":"VCID-sm9x-r28n-puhk"},{"vulnerability":"VCID-udj7-hpz9-wkeb"},{"vulnerability":"VCID-v24g-61h6-z3e4"},{"vulnerability":"VCID-vdvr-usd4-hfe1"},{"vulnerability":"VCID-y558-k2kf-2qap"},{"vulnerability":"VCID-yn5g-hqdf-k7cn"},{"vulnerability":"VCID-yyjf-6zxf-dub7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.1.1230-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/133749?format=json","purl":"pkg:deb/debian/vim@2:9.2.0524-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vim@2:9.2.0524-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/186134?format=json","purl":"pkg:rpm/redhat/vim@1:6.0-7?arch=25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5gaz-u5jq-gkbx"},{"vulnerability":"VCID-u31g-svbe-h3as"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/vim@1:6.0-7%3Farch=25"},{"url":"http://public2.vulnerablecode.io/api/packages/186133?format=json","purl":"pkg:rpm/redhat/vim@1:6.3.046-0.30E?arch=11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5gaz-u5jq-gkbx"},{"vulnerability":"VCID-u31g-svbe-h3as"},{"vulnerability":"VCID-uk67-uv62-quhv"},{"vulnerability":"VCID-x9j8-feju-7kh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/vim@1:6.3.046-0.30E%3Farch=11"},{"url":"http://public2.vulnerablecode.io/api/packages/186135?format=json","purl":"pkg:rpm/redhat/vim@1:6.3.046-1.el4_7?arch=5z","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5gaz-u5jq-gkbx"},{"vulnerability":"VCID-u31g-svbe-h3as"},{"vulnerability":"VCID-uk67-uv62-quhv"},{"vulnerability":"VCID-x9j8-feju-7kh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/vim@1:6.3.046-1.el4_7%3Farch=5z"},{"url":"http://public2.vulnerablecode.io/api/packages/186136?format=json","purl":"pkg:rpm/redhat/vim@2:7.0.109-4.el5_2?arch=4z","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1yzh-sauy-xkb2"},{"vulnerability":"VCID-5gaz-u5jq-gkbx"},{"vulnerability":"VCID-cj62-behh-nbbz"},{"vulnerability":"VCID-fdgd-vgt7-5yg9"},{"vulnerability":"VCID-u31g-svbe-h3as"},{"vulnerability":"VCID-uk67-uv62-quhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/vim@2:7.0.109-4.el5_2%3Farch=4z"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2712.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2712","reference_id":"","reference_type":"","scores":[{"value":"0.16974","scoring_system":"epss","scoring_elements":"0.95096","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2712"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=451759","reference_id":"451759","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=451759"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486502","reference_id":"486502","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486502"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/31911.txt","reference_id":"CVE-2008-2712;OSVDB-46306","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/31911.txt"},{"reference_url":"https://www.securityfocus.com/bid/29715/info","reference_id":"CVE-2008-2712;OSVDB-46306","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/29715/info"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0580","reference_id":"RHSA-2008:0580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0617","reference_id":"RHSA-2008:0617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0617"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0618","reference_id":"RHSA-2008:0618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0618"}],"weaknesses":[],"exploits":[{"date_added":"2008-06-14","description":"Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":false,"source_date_published":"2008-06-14","exploit_type":"local","platform":"linux","source_date_updated":"2014-03-03","data_source":"Exploit-DB","source_url":"https://www.securityfocus.com/bid/29715/info"}],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.2","risk_score":0.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u31g-svbe-h3as"}